-->
Page 1 of 1

Basic auth

PostPosted: Fri Mar 18, 2016 4:35 am
by Piotr K
I am trying to add some protection to my server, but cannot find any documentation on using basic authorization. Do I need to write CGI to support this, or is it somehow automated (like with .htaccess in Apache)?

Re: Basic auth

PostPosted: Fri Mar 18, 2016 8:31 am
by martinayotte
Basic Auth is quite simple :

- the client needs to provide "Authorization" in the header with user/passwd in base64.
- if client doesn't not provide the above, the server simply reply a 401 with 'WWW-Authenticate : Basic realm="MyServer123" ' in his header.

https://en.wikipedia.org/wiki/Basic_acc ... entication

Re: Basic auth

PostPosted: Fri Mar 18, 2016 9:50 am
by lethe
Everything you need is already implemented, look for "myPassFn" in user_main.c.
However unless you also add encryption, basic auth does not provide any real security, since the browser sends the username/password with ever get request, which an attacker can easily sniff.

Re: Basic auth

PostPosted: Fri Mar 18, 2016 12:59 pm
by Piotr K
Thanks, I searched the files but somehow missed that!

And yes, I know that this is not secure if https is not used, but it is just for basic access control.